Most banking and other transactions require some type of authentication to ensure that the person invoking the transaction has authorization to do so. Put another way, this authentication is used to confirm that the person is who he says he is. There are generally three types of authentication: something you know, something you have, and something you are. The “something you know” type of authentication may include, for instance, a user identification (“userid”) and a password. The “something you have” type of authentication may include, for instance, a key, a machine-readable card, or a time-changing passcode-generating device. The “something you are” type of authentication may include, for instance, a biometric measurement (e.g., fingerprint), a comparison of how you look to a photographic identification card, or your signature.
While these are tried-and-true types of authentication, they are not always convenient to the person invoking the transaction. For example, the person may not easily remember a password, or may forget to carry the “something you have” object. And, the “something you are” type of authentication is often not convenient to implement in a remote transaction (e.g., an Internet website-based banking transaction).
It would be desirable to either provide an alternative to at least one of the authentication techniques currently used, or to provide an additional layer of authentication to those currently used.